From 1899db3a5a00a69920b44df40f13676e0a36f22a Mon Sep 17 00:00:00 2001
From: Vladimir Remenar <vladimir.remenar@gmail.com>
Date: Fri, 8 Mar 2024 23:06:06 +0100
Subject: [PATCH] Drop arm/v7 support, split vuln scan to stages

---
 .github/workflows/docker-image.yml | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 9e58d1c..662bd4d 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -12,8 +12,17 @@ on:
     - cron: '0 22 1 * *'
 
 jobs:
-  build:
+  vulerability-scan:
     runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Perform Scan
+        uses: ShiftLeftSecurity/scan-action@master
+  build-and-push:
+    runs-on: ubuntu-latest
+    needs:
+      - vulerability-scan
     steps:
       - name: Checkout
         uses: actions/checkout@v4
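Review bot: The new job id `vulerability-scan` (and its reference in the `needs:` list of `build-and-push`) is misspelled, and it is inconsistent with `image-vulnerability-scan` added in the second hunk; rename both occurrences to `vulnerability-scan` so the stage names read as a pair. The source-scan step pins `ShiftLeftSecurity/scan-action@master`, a moving branch, which for a step that gates the whole pipeline means the scanner's behaviour and code can change without any commit in this repository; pin it as `uses: ShiftLeftSecurity/scan-action@<release-tag-or-commit-sha>` (a full commit SHA is the stable choice for a third-party action, and `actions/checkout@v4` could follow the same policy). The `build-and-push` job's steps continue outside this hunk.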
@@ -36,19 +45,22 @@ jobs:
       - name: Get current date
         id: date
         run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
-      - name: Perform Scan
-        uses: ShiftLeftSecurity/scan-action@master
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
           context: .
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: | 
             ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest
             ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
             ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:latest
             ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
+  image-vulnerability-scan:
+    runs-on: ubuntu-latest
+    needs:
+      - build-and-push
+    steps:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
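Review bot: The Trivy step now runs in `image-vulnerability-scan`, which `needs: build-and-push`, so it only starts after `push: true` has published the `:latest` and dated tags to both registries; a scan failure (`exit-code: '1'` in the next hunk) turns the workflow red but does not stop the publication, as was already the case in the old single-job layout. If the stage split is meant to gate the release, build with `push: false` (or push only a provisional tag) in `build-and-push`, scan that artifact, and promote the tags in a final job. The rest of the Trivy `with:` block is outside this hunk; if its image reference uses `${{ steps.date.outputs.date }}`, that value is empty here, because step outputs do not cross job boundaries unless `build-and-push` exposes them under `outputs:`. The same unpinned `@master` concern raised on the first hunk applies to `aquasecurity/trivy-action@master`.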
@@ -57,4 +69,5 @@ jobs:
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
\ No newline at end of file
+          severity: 'CRITICAL,HIGH'
+          
\ No newline at end of file